Hacker returns NFT Trader’s loot after bounty payment worth 120 ETH

Hacker returns NFT Trader's loot after bounty payment worth 120 ETHHacker returns NFT Trader's loot after bounty payment worth 120 ETH

In this post:

  • Hacker steals $3 million worth of NFTs from NFT Trader, and demands 120 ETH for their return.
  • Boring Security DAO and Yuga Labs collaborate to recover all 36 Bored Ape Yacht Club (BAYC) and 18 Mutant Ape Yacht Club (MAYC) NFTs within 24 hours.

The hacker responsible for the theft of $3 million worth of NFTs from the peer-to-peer trading platform NFT Trader has returned the assets following successful negotiations. This incident, which occurred on December 16, highlighted vulnerabilities in the platform’s security.

Swift recovery through community initiative

The recovery process was spearheaded by the Boring Security DAO, a blockchain security firm that played a pivotal role in retrieving the stolen NFTs within an impressive 24-hour timeframe. The hacker, identified through public messages, demanded a payment of 120 ETH (approximately $267,000) for the safe return of the stolen NFTs.

Yuga Labs, the creator of the Bored Ape Yacht Club (BAYC) and Mutant Ape Yacht Club (MAYC) NFT collections, actively supported the negotiations. Greg Solano, co-founder of Yuga Labs, contributed by paying the 120 ETH bounty, representing 10% of the floor price of the collections. This cooperative effort ensured the recovery of all 36 BAYC and 18 MAYC NFTs initially exploited.

Understanding the exploit: Vulnerability in platform’s security

According to “Foobar,” the pseudonymous founder and developer of Delegate, the vulnerability leading to the exploit was introduced 11 days before the hack. A smart contract upgrade allowed the misuse of a multicall feature, enabling unauthorized transfers of NFTs due to previously granted trading permissions.

In response, Foobar issued a call for users to revoke all permissions granted to two old contracts (0xc310e760778ecbca4c65b6c559874757a4c4ece0 and 0x13d8faF4A690f5AE52E2D2C52938d1167057B9af). This preventative measure aims to mitigate the risk of potential future attacks. The developer and NFT Trader’s team acted swiftly to halt the ongoing attack and secure the platform.

The hacker, described as having limited technical skills but asserting they were “a good person,” outlined their demands for compensation. The negotiation involved specific payment terms, with the hacker detailing a percentage-based compensation structure for each type of NFT. Yuga Labs co-founder Greg Solano ultimately paid the bounty, facilitating the return of the stolen tokens to their rightful owners.

Yuga Labs not only contributed to the financial aspect of the recovery but also actively participated in negotiations to ensure the safe return of the tokens. The creator’s involvement demonstrates a commitment to the security and integrity of their NFT collections, providing a sense of reassurance to the affected community.

Disclaimer. The information provided is not trading advice. Cryptopolitan.com holds no liability for any investments made based on the information provided on this page. We strongly recommend independent research and/or consultation with a qualified professional before making any investment decisions.

Share link:

Most read

Loading Most Read articles...

Stay on top of crypto news, get daily updates in your inbox

Related News

Messari founder gets extreme with Trump support, calls Vitalik Buterin useless
Subscribe to CryptoPolitan